Setting Up the Tenant

ahead uses Azure Active Directory (AAD) as an identity provider, this enables us to fully integrate into the Microsoft 365 (M365) environment. In turn this means that all users have to have a cloud identity to access ahead. Also we recommend that at least one user has a M365 license assigned that enables SharePoint online (cheapest license: Microsoft 365 F1).

If there is no AAD configured yet, do not worry: Azure AD Connect allows you to quickly onboard to Azure AD and Office 365 and simplifies the management of your on-premises and cloud identity infrastructure. Please do contact us if there are any questions regarding the set-up of a potential hybrid scenario.

‍

Step 1: Filling out the onboarding form --> ahead Onboarding Form

Before we start, make sure that you have the global administrator login ready - or someone with the respective account to your side, it speeds up the process considerably.

When filling out the onboarding form, we will ask you to provide three AD group IDs. Why? ahead has three security roles: Admin, Editor and User. You will create a group for each in the AAD to assign users to their role. We encourage you to already add the core project-team to the admin and editor AD group. You can use security groups but we also support Microsoft 365 groups.

Hint: If you create a team in Microsoft Teams, all owners and members are part of this group. So if you create for example an editor-team in Microsoft Teams - the owner of the team can add new editors without you having to specifically add people to a group.

In summary, you will have to provide the following information that can be found in Azure Portal:

• Azure Directory ID
• E-Mail Address of the IT-responsible person in your organisation
• *.onmicrosoft.com-Domain
• Language(s)- and their respective order
• AD-Group IDs (for each of the groups you've created)

‍

Step 2: Give Consent --> Give App Consent

To be useful for intranet users, ahead requires delegated permissions as well as some application permissions, that's why you have to give app consent using the global admin of the M365 tenant. The following help article describes in detail how we use and access company data: What data we use & access. After giving consent, there will be an error as we first have to enable your tenant. You don't have worry about it.

‍

Some more useful information

• To add ahead to your Office 365 App Launcher, read the following article: Configure App Launcher
• Are you using Conditional Access Policies? Read this article: About Conditional Access and App Protection Policies
• To which systems does ahead connect when inside your browser: List of services ahead uses